From e66d2541cf7ee1836784681331b6909421a86d63 Mon Sep 17 00:00:00 2001 From: Bogumil Zebek Date: Fri, 26 Jul 2019 10:25:09 +0200 Subject: Option 1 - vnf only Change-Id: I281dddab930328f24b9267aa6afc6ae08fd9ed01 Issue-ID: VNFSDK-396 Signed-off-by: Zebek Bogumil --- .../main/java/org/onap/cvc/csar/CSARArchive.java | 130 ++++++++----------- .../java/org/onap/cvc/csar/PnfCSARArchive.java | 27 +--- .../java/org/onap/cvc/csar/VnfManifestParser.java | 144 +++++++++++++++++++++ .../cvc/csar/cc/sol004/VTPValidateCSARR146092.java | 12 +- .../cvc/csar/cc/sol004/VTPValidateCSARR787965.java | 4 +- .../cvc/csar/cc/sol004/VTPValidateCSARR787966.java | 42 ++++-- .../java/org/onap/cvc/csar/parser/CmsParser.java | 10 +- .../org/onap/cvc/csar/parser/ManifestConsts.java | 4 +- .../org/onap/cvc/csar/parser/SourcesParser.java | 20 ++- .../cvc/csar/security/CmsSignatureValidator.java | 5 + 10 files changed, 270 insertions(+), 128 deletions(-) create mode 100644 csarvalidation/src/main/java/org/onap/cvc/csar/VnfManifestParser.java (limited to 'csarvalidation/src/main/java/org/onap/cvc/csar') diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/CSARArchive.java b/csarvalidation/src/main/java/org/onap/cvc/csar/CSARArchive.java index f1aff70..2b84997 100644 --- a/csarvalidation/src/main/java/org/onap/cvc/csar/CSARArchive.java +++ b/csarvalidation/src/main/java/org/onap/cvc/csar/CSARArchive.java @@ -22,6 +22,7 @@ import java.io.IOException; import java.nio.file.Path; import java.util.ArrayList; import java.util.Arrays; +import java.util.Collections; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -29,6 +30,8 @@ import java.util.Objects; import java.util.Optional; import org.apache.commons.io.FileUtils; +import org.apache.commons.lang3.tuple.Pair; +import org.onap.cvc.csar.parser.SourcesParser; import org.yaml.snakeyaml.Yaml; import com.fasterxml.jackson.core.JsonProcessingException; @@ -43,12 +46,6 @@ import com.fasterxml.jackson.databind.ObjectMapper; public class CSARArchive implements AutoCloseable { public static final String SOL0004_2_4_1 = "V2.4.1 (2018-02)"; - public String getSOL004Version() { - return SOL0004_2_4_1; - } - - private FileArchive.Workspace workspace; - protected Path tempDir; public static final String TEMP_DIR = "/tmp"; @@ -105,24 +102,8 @@ public class CSARArchive implements AutoCloseable { public static final String Entry_Definition__template_version = "template_version"; - public static final String Entry_Manifest__metadata = "metadata"; - - public static final String Entry_Manifest__metadata__vnf_provider_id = "vnf_provider_id"; - - public static final String Entry_Manifest__metadata__vnf_product_name = "vnf_product_name"; - - public static final String Entry_Manifest__metadata__vnf_release_data_time = "vnf_release_data_time"; - - public static final String Entry_Manifest__metadata__vnf_package_version = "vnf_package_version"; - - public static final String Entry_Manifest__non_mano_artifact_sets = "non_mano_artifact_sets"; - public static final String CSAR_Archive = "CSAR Archive"; - public FileArchive.Workspace getWorkspace() { - return this.workspace; - } - public enum Mode { WITH_TOSCA_META_DIR, WITHOUT_TOSCA_META_DIR @@ -739,6 +720,9 @@ public class CSARArchive implements AutoCloseable { public static class Manifest{ private boolean isNonManoAvailable; + private List sources = new ArrayList<>(); + private String cms; + public static class Metadata { private String providerId; @@ -806,6 +790,22 @@ public class CSARArchive implements AutoCloseable { this.nonMano = nonMano; this.isNonManoAvailable = true; } + + public List getSources() { + return Collections.unmodifiableList(sources); + } + + public void setSources(List sources) { + this.sources.addAll(sources); + } + + public String getCms() { + return this.cms; + } + + public void setCms(String cms) { + this.cms = cms; + } } private TOSCAMeta toscaMeta = new TOSCAMeta(); @@ -830,6 +830,26 @@ public class CSARArchive implements AutoCloseable { private List errors = new ArrayList<>(); + private FileArchive.Workspace workspace; + + protected Path tempDir; + + public CSARArchive(){ + this(new Manifest()); + } + + public CSARArchive(Manifest manifest) { + this.manifest = manifest; + } + + public FileArchive.Workspace getWorkspace() { + return this.workspace; + } + + public String getSOL004Version() { + return SOL0004_2_4_1; + } + public TOSCAMeta getToscaMeta() { return toscaMeta; } @@ -874,14 +894,6 @@ public class CSARArchive implements AutoCloseable { return errors; } - public CSARArchive(){ - this(new Manifest()); - } - - public CSARArchive(Manifest manifest) { - this.manifest = manifest; - } - public String getProductName() { if (this.toscaMeta.getMode().equals(Mode.WITH_TOSCA_META_DIR)) { @@ -922,56 +934,24 @@ public class CSARArchive implements AutoCloseable { void parseManifest() throws IOException { - int lineNo =0; - Listlines = FileUtils.readLines(this.manifestMfFile); - //first hit the metadata: section - for (String line: lines) { - lineNo ++; - line = line.trim(); + VnfManifestParser vnfManifestParser = VnfManifestParser.getInstance( + this.getManifestMfFile() + ); - if (line.startsWith("#")) { - continue; - } + Pair> metadataData = vnfManifestParser.fetchMetadata(); + Pair, List> sourcesSectionData = vnfManifestParser.fetchSourcesSection(); + Pair> cmsSectionData = vnfManifestParser.fetchCMS(); - //continue till it reaches the metadata section - if (line.equalsIgnoreCase(Entry_Manifest__metadata + ":")) { - break; - } - } + CSARArchive.Manifest manifest = this.getManifest(); + manifest.setMetadata(metadataData.getKey()); + this.getErrors().addAll(metadataData.getValue()); - if (lineNo < lines.size()) { - for (int i = lineNo; i< lines.size(); i++) { - String line = lines.get(i).trim(); + manifest.setSources(sourcesSectionData.getKey()); + this.getErrors().addAll(sourcesSectionData.getValue()); - if (line.startsWith("#") || line.isEmpty()) { - continue; - } + manifest.setCms(cmsSectionData.getKey()); + this.getErrors().addAll(cmsSectionData.getValue()); - String[] tokens = line.split(":"); - if (tokens.length < 2) continue; - String key = tokens[0]; - String value = tokens[1]; - - //continue till it reaches the metadata section - if (key.equalsIgnoreCase(Entry_Manifest__metadata__vnf_package_version)) { - this.manifest.getMetadata().setPackageVersion(value); - } else if (key.equalsIgnoreCase(Entry_Manifest__metadata__vnf_product_name)) { - this.manifest.getMetadata().setProductName(value); - } else if (key.equalsIgnoreCase(Entry_Manifest__metadata__vnf_provider_id)) { - this.manifest.getMetadata().setProviderId(value); - } else if (key.equalsIgnoreCase(Entry_Manifest__metadata__vnf_release_data_time)) { - this.manifest.getMetadata().setReleaseDateTime(value); - } else { - //Non-Mano entries are not processed as of now... - errors.add( - new CSARErrorIgnored( - key, - this.manifestMfFile.getName(), - i, - null)); - } - } - } } private void parseDefinitionMetadata() throws IOException { diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/PnfCSARArchive.java b/csarvalidation/src/main/java/org/onap/cvc/csar/PnfCSARArchive.java index f8e36d1..a6e2745 100644 --- a/csarvalidation/src/main/java/org/onap/cvc/csar/PnfCSARArchive.java +++ b/csarvalidation/src/main/java/org/onap/cvc/csar/PnfCSARArchive.java @@ -19,8 +19,6 @@ import org.apache.commons.lang3.tuple.Pair; import org.onap.cvc.csar.parser.SourcesParser; import java.io.IOException; -import java.util.ArrayList; -import java.util.Collections; import java.util.List; import java.util.Map; import java.util.Optional; @@ -28,7 +26,7 @@ import java.util.Optional; public class PnfCSARArchive extends CSARArchive { public PnfCSARArchive(){ - super(new PnfManifest()); + super(new Manifest()); } @Override @@ -42,7 +40,7 @@ public class PnfCSARArchive extends CSARArchive { Pair> cmsSectionData = pnfManifestParser.fetchCMS(); Optional>>, List>> nonManoArtifactsData = pnfManifestParser.fetchNonManoArtifacts(); - PnfManifest manifest = (PnfManifest) this.getManifest(); + Manifest manifest = this.getManifest(); manifest.setMetadata(metadataData.getKey()); this.getErrors().addAll(metadataData.getValue()); @@ -68,25 +66,4 @@ public class PnfCSARArchive extends CSARArchive { String getEntryChangeLogParamName() { return "ETSI-Entry-Change-Log"; } - - public static class PnfManifest extends Manifest { - private List sources = new ArrayList<>(); - private String cms; - - public List getSources() { - return Collections.unmodifiableList(sources); - } - - void setSources(List sources) { - this.sources.addAll(sources); - } - - public String getCms() { - return this.cms; - } - - public void setCms(String cms) { - this.cms = cms; - } - } } diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/VnfManifestParser.java b/csarvalidation/src/main/java/org/onap/cvc/csar/VnfManifestParser.java new file mode 100644 index 0000000..d122fed --- /dev/null +++ b/csarvalidation/src/main/java/org/onap/cvc/csar/VnfManifestParser.java @@ -0,0 +1,144 @@ +/* + * Copyright 2019 Nokia + *

+ * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + *

+ * http://www.apache.org/licenses/LICENSE-2.0 + *

+ * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package org.onap.cvc.csar; + +import org.apache.commons.lang3.tuple.Pair; +import org.onap.cvc.csar.parser.CmsParser; +import org.onap.cvc.csar.parser.SourcesParser; + +import java.io.File; +import java.io.IOException; +import java.nio.file.Files; +import java.nio.file.Paths; +import java.util.ArrayList; +import java.util.List; +import java.util.stream.Collectors; +import java.util.stream.Stream; + +class VnfManifestParser { + + private static final String ENTRY_MANIFEST_METADATA = "metadata"; + private static final String ENTRY_MANIFEST_METADATA_VNF_PROVIDER_ID = "vnf_provider_id"; + private static final String ENTRY_MANIFEST_METADATA_VNF_PRODUCT_NAME = "vnf_product_name"; + private static final String ENTRY_MANIFEST_METADATA_VNF_RELEASE_DATA_TIME = "vnf_release_data_time"; + private static final String ENTRY_MANIFEST_METADATA_VNF_PACKAGE_VERSION = "vnf_package_version"; + + private final List lines; + private final String vnfManifestFileName; + private final SourcesParser sourcesParser; + private final CmsParser cmsParser; + + private VnfManifestParser(List lines, String vnfManifestFileName, SourcesParser sourcesParser, CmsParser cmsParser) { + this.lines = lines; + this.vnfManifestFileName = vnfManifestFileName; + this.sourcesParser = sourcesParser; + this.cmsParser = cmsParser; + } + + static VnfManifestParser getInstance(File vnfManifestFile) throws IOException { + String fileName = vnfManifestFile.getAbsolutePath(); + try (Stream stream = Files.lines(Paths.get(fileName))) { + List lines = stream + .map(String::trim) + .collect(Collectors.toList()); + + final String vnfManifestFileName = vnfManifestFile.getName(); + return new VnfManifestParser( + lines, + vnfManifestFileName, + new SourcesParser(vnfManifestFileName), + new CmsParser(vnfManifestFileName) + ); + } + } + + + Pair> fetchMetadata(){ + + final CSARArchive.Manifest.Metadata metadata = new CSARArchive.Manifest.Metadata(); + final List errors = new ArrayList<>(); + + int lineNo =0; + + //first hit the metadata: section + for (String line: lines) { + lineNo ++; + line = line.trim(); + + //continue till it reaches the metadata section + if (line.equalsIgnoreCase(ENTRY_MANIFEST_METADATA + ":")) { + break; + } + } + + if (lineNo < lines.size()) { + parseMetadataSection(metadata, errors, lineNo); + } + + return Pair.of(metadata, errors); + } + + private void parseMetadataSection(CSARArchive.Manifest.Metadata metadata, List errors, int lineNo) { + for (int i = lineNo; i< lines.size(); i++) { + String line = lines.get(i).trim(); + + String[] tokens = line.split(":"); + if (skipLine( line ) || tokens.length < 2){ + continue; + } + + String key = tokens[0]; + String value = tokens[1]; + + //continue till it reaches the metadata section + if (key.equalsIgnoreCase(ENTRY_MANIFEST_METADATA_VNF_PACKAGE_VERSION)) { + metadata.setPackageVersion(value); + } else if (key.equalsIgnoreCase(ENTRY_MANIFEST_METADATA_VNF_PRODUCT_NAME)) { + metadata.setProductName(value); + } else if (key.equalsIgnoreCase(ENTRY_MANIFEST_METADATA_VNF_PROVIDER_ID)) { + metadata.setProviderId(value); + } else if (key.equalsIgnoreCase(ENTRY_MANIFEST_METADATA_VNF_RELEASE_DATA_TIME)) { + metadata.setReleaseDateTime(value); + } else { + //Non-Mano entries are not processed as of now... + errors.add( + new CSARArchive.CSARErrorIgnored( + key, + vnfManifestFileName, + i, + null)); + } + } + } + + Pair, List> fetchSourcesSection() { + return this.sourcesParser.parse(this.lines); + } + + Pair> fetchCMS() { + return this.cmsParser.parse(this.lines); + } + + private boolean skipLine(String line) { + return line.startsWith("#") + || line.isEmpty() + || line.toLowerCase().startsWith("source") + || line.toLowerCase().startsWith("algorithm") + || line.toLowerCase().startsWith("hash"); + } +} diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR146092.java b/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR146092.java index b84dea7..c9a4de1 100644 --- a/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR146092.java +++ b/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR146092.java @@ -74,6 +74,12 @@ public class VTPValidateCSARR146092 extends VTPValidateCSARBase { private final Map>> nonMano; private final List errors = new ArrayList<>(); + private ValidateNonManoSection(CSARArchive csar, String fileName, Map>> nonMano) { + this.csar = csar; + this.fileName = fileName; + this.nonMano = nonMano; + } + static Optional getInstance(CSARArchive csar) { final File manifestMfFile = csar.getManifestMfFile(); if(manifestMfFile == null){ @@ -84,12 +90,6 @@ public class VTPValidateCSARR146092 extends VTPValidateCSARBase { return Optional.of(new ValidateNonManoSection(csar, fileName,nonMano)); } - private ValidateNonManoSection(CSARArchive csar, String fileName, Map>> nonMano) { - this.csar = csar; - this.fileName = fileName; - this.nonMano = nonMano; - } - public List validate() { List attributeNames = Arrays.asList( diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965.java b/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965.java index 97efd11..ef233f8 100644 --- a/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965.java +++ b/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965.java @@ -24,9 +24,11 @@ import org.onap.cvc.csar.CSARArchive; import org.onap.cvc.csar.FileArchive; import org.onap.cvc.csar.cc.VTPValidateCSARBase; import org.onap.cvc.csar.security.CmsSignatureValidator; +import org.onap.cvc.csar.security.CmsSignatureValidatorException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import java.io.IOException; import java.nio.file.Files; import java.nio.file.Path; import java.util.Optional; @@ -100,7 +102,7 @@ public class VTPValidateCSARR787965 extends VTPValidateCSARBase { } } - private void verifyTwoFileCertification(Path pathToCsarFile, Path pathToCertFile, Path pathToCmsFile) throws Exception { + private void verifyTwoFileCertification(Path pathToCsarFile, Path pathToCertFile, Path pathToCmsFile) throws IOException, CmsSignatureValidatorException { final CmsSignatureValidator securityManager = new CmsSignatureValidator(); byte[] csarContent = Files.readAllBytes(pathToCsarFile); diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787966.java b/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787966.java index 2be0db8..7a14709 100644 --- a/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787966.java +++ b/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787966.java @@ -22,7 +22,6 @@ import org.onap.cli.fw.error.OnapCommandException; import org.onap.cli.fw.schema.OnapCommandSchema; import org.onap.cvc.csar.CSARArchive; import org.onap.cvc.csar.FileArchive; -import org.onap.cvc.csar.PnfCSARArchive; import org.onap.cvc.csar.cc.VTPValidateCSARBase; import org.onap.cvc.csar.parser.SourcesParser; import org.onap.cvc.csar.security.ShaHashCodeGenerator; @@ -82,6 +81,13 @@ public class VTPValidateCSARR787966 extends VTPValidateCSARBase { } } + public static class CSARErrorUnableToFindSource extends CSARArchive.CSARError { + CSARErrorUnableToFindSource(String path) { + super("0x4006"); + this.message = String.format("Source '%s' does not exist!", path); + } + } + @Override protected void validateCSAR(CSARArchive csar) throws OnapCommandException { @@ -102,28 +108,42 @@ public class VTPValidateCSARR787966 extends VTPValidateCSARBase { private void validate(CSARArchive csar, Path csarRootDirectory ) throws IOException, NoSuchAlgorithmException { - final PnfCSARArchive.PnfManifest manifest = (PnfCSARArchive.PnfManifest) csar.getManifest(); + final CSARArchive.Manifest manifest = csar.getManifest(); final CSARArchive.TOSCAMeta toscaMeta = csar.getToscaMeta(); validateSecurityStructure(toscaMeta, csarRootDirectory, manifest); validateSources(csarRootDirectory, manifest); } - private void validateSecurityStructure(CSARArchive.TOSCAMeta toscaMeta , Path csarRootDirectory, PnfCSARArchive.PnfManifest manifest) { - final File entryCertificate = csarRootDirectory.resolve(toscaMeta.getEntryCertificate()).toFile(); - if (!entryCertificate.exists() && !manifest.getCms().isEmpty()) { + private void validateSecurityStructure(CSARArchive.TOSCAMeta toscaMeta , Path csarRootDirectory, CSARArchive.Manifest manifest) { + final Optional entryCertificate = resolveCertificateFilePath(toscaMeta, csarRootDirectory); + if (!entryCertificate.isPresent() || !entryCertificate.get().exists() && !manifest.getCms().isEmpty()) { this.errors.add(new CSARErrorUnableToFindCertificate()); - } else if (entryCertificate.exists() && manifest.getCms().isEmpty()) { + } else if (entryCertificate.get().exists() && manifest.getCms().isEmpty()) { this.errors.add(new CSARErrorUnableToFindCmsSection()); } } - private void validateSources(Path csarRootDirectory, PnfCSARArchive.PnfManifest manifest) throws NoSuchAlgorithmException, IOException { + private Optional resolveCertificateFilePath(CSARArchive.TOSCAMeta toscaMeta, Path csarRootDirectory) { + final String certificatePath = toscaMeta.getEntryCertificate(); + if(certificatePath == null){ + return Optional.empty(); + } else { + return Optional.of(csarRootDirectory.resolve(certificatePath).toFile()); + } + } + + private void validateSources(Path csarRootDirectory, CSARArchive.Manifest manifest) throws NoSuchAlgorithmException, IOException { final List sources = manifest.getSources(); for (SourcesParser.Source source: sources){ - if(!source.getAlgorithm().isEmpty()) { - validateSourceHashCode(csarRootDirectory, source); - } else if(source.getAlgorithm().isEmpty() && !source.getHash().isEmpty()){ - this.errors.add(new CSARErrorUnableToFindAlgorithm(source.getValue())); + final Path sourcePath = csarRootDirectory.resolve(source.getValue()); + if(!Files.exists(sourcePath)){ + this.errors.add(new CSARErrorUnableToFindSource(source.getValue())); + } else { + if (!source.getAlgorithm().isEmpty()) { + validateSourceHashCode(csarRootDirectory, source); + } else if (source.getAlgorithm().isEmpty() && !source.getHash().isEmpty()) { + this.errors.add(new CSARErrorUnableToFindAlgorithm(source.getValue())); + } } } } diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/parser/CmsParser.java b/csarvalidation/src/main/java/org/onap/cvc/csar/parser/CmsParser.java index b1bf4b4..aa0fb48 100644 --- a/csarvalidation/src/main/java/org/onap/cvc/csar/parser/CmsParser.java +++ b/csarvalidation/src/main/java/org/onap/cvc/csar/parser/CmsParser.java @@ -48,9 +48,7 @@ public class CmsParser { for (String line : lines) { ManifestLine manifestLine = ManifestLine.of(line); - if (cmsSectionParsing && (manifestLine.startsWith(METADATA_SECTION_TAG_SECTION) - || manifestLine.startsWith(NON_MANO_ARTIFACT_SETS_TAG_SECTION) - || manifestLine.startsWith(SOURCE_TAG_SECTION))) { + if (cmsSectionParsing && isContainSepecialTag(manifestLine)) { isSpecialTagReached = true; } else if (!isSpecialTagReached && line.contains(BEGIN_CMS_SECTION)) { cmsSectionParsing = true; @@ -75,6 +73,12 @@ public class CmsParser { return constructResponse(buf, errors, cmsSectionParsing, endCmsMarkerReached); } + private boolean isContainSepecialTag(ManifestLine manifestLine) { + return manifestLine.startsWith(METADATA_SECTION_TAG_SECTION) + || manifestLine.startsWith(NON_MANO_ARTIFACT_SETS_TAG_SECTION) + || manifestLine.startsWith(SOURCE_TAG_SECTION); + } + private Pair> constructResponse(StringBuilder buf, List errors, boolean cmsSectionParsing, boolean endCmsMarkerReached) { if(endCmsMarkerReached) { return Pair.of(buf.toString(), errors); diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/parser/ManifestConsts.java b/csarvalidation/src/main/java/org/onap/cvc/csar/parser/ManifestConsts.java index da17317..afa0e2d 100644 --- a/csarvalidation/src/main/java/org/onap/cvc/csar/parser/ManifestConsts.java +++ b/csarvalidation/src/main/java/org/onap/cvc/csar/parser/ManifestConsts.java @@ -20,8 +20,6 @@ package org.onap.cvc.csar.parser; final class ManifestConsts { - private ManifestConsts(){} - static final String METADATA_SECTION_TAG_SECTION = "metadata"; static final String SOURCE_TAG_SECTION = "source"; static final String ALGORITHM = "algorithm"; @@ -35,4 +33,6 @@ final class ManifestConsts { static final String BEGIN_CMS_SECTION = "BEGIN CMS"; static final String END_CMS_SECTION = "END CMS"; + private ManifestConsts(){} + } diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/parser/SourcesParser.java b/csarvalidation/src/main/java/org/onap/cvc/csar/parser/SourcesParser.java index 5f3f0d7..9cbef8a 100644 --- a/csarvalidation/src/main/java/org/onap/cvc/csar/parser/SourcesParser.java +++ b/csarvalidation/src/main/java/org/onap/cvc/csar/parser/SourcesParser.java @@ -45,9 +45,7 @@ public class SourcesParser { for (int lineNumber = 0; lineNumber < lines.size(); lineNumber++) { String line = lines.get(lineNumber); ManifestLine manifestLine = ManifestLine.of(line); - if (sourceSectionParsing && (manifestLine.startsWith(METADATA_SECTION_TAG_SECTION) - || manifestLine.startsWith(NON_MANO_ARTIFACT_SETS_TAG_SECTION) - || line.contains(CMS))) { + if (sourceSectionParsing && isContainSpecialTag(line, manifestLine)) { isSpecialTagReached = true; } else if (!isSpecialTagReached && manifestLine.startsWith(SOURCE_TAG_SECTION)) { sourceSectionParsing = true; @@ -62,6 +60,12 @@ public class SourcesParser { return Pair.of(sources, errors); } + private boolean isContainSpecialTag(String line, ManifestLine manifestLine) { + return manifestLine.startsWith(METADATA_SECTION_TAG_SECTION) + || manifestLine.startsWith(NON_MANO_ARTIFACT_SETS_TAG_SECTION) + || line.contains(CMS); + } + private Source handleSourceLine(List sources, List errors, int lineNumber, ManifestLine manifestLine) { Source source; String value = parseSourceSectionLine(manifestLine, lineNumber, errors); @@ -140,8 +144,14 @@ public class SourcesParser { @Override public boolean equals(Object o) { - if (this == o) return true; - if (o == null || getClass() != o.getClass()) return false; + if (this == o) { + return true; + } + + if (o == null || getClass() != o.getClass()) { + return false; + } + Source source1 = (Source) o; return Objects.equals(value, source1.value) && Objects.equals(algorithm, source1.algorithm) && diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/security/CmsSignatureValidator.java b/csarvalidation/src/main/java/org/onap/cvc/csar/security/CmsSignatureValidator.java index 316c802..a168541 100644 --- a/csarvalidation/src/main/java/org/onap/cvc/csar/security/CmsSignatureValidator.java +++ b/csarvalidation/src/main/java/org/onap/cvc/csar/security/CmsSignatureValidator.java @@ -27,6 +27,8 @@ import org.bouncycastle.cms.SignerInformation; import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder; import org.bouncycastle.openssl.PEMParser; import org.bouncycastle.operator.OperatorCreationException; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import java.io.ByteArrayInputStream; import java.io.IOException; @@ -39,6 +41,8 @@ import java.util.Collection; public class CmsSignatureValidator { + private static final Logger LOG = LoggerFactory.getLogger(CmsSignatureValidator.class); + public boolean verifySignedData( final byte[] signature, final byte[] certificate, @@ -51,6 +55,7 @@ public class CmsSignatureValidator { return firstSigner.verify(new JcaSimpleSignerInfoVerifierBuilder().build(cert)); } catch (CMSSignerDigestMismatchException e){ //message-digest attribute value does not match calculated value + LOG.warn("CMS signer digest mismatch.", e); return false; } catch (OperatorCreationException | IOException | CMSException e) { -- cgit 1.2.3-korg